Mozilla to pay bounty on bugs

Wanted: Dead or alive


Users who identify and report serious security vulnerabilities involving Mozilla are to be rewarded for finding bugs in the open source Web browser software.

The Mozilla Security Bug Bounty Program, launched yesterday, promises a reward of $500 to anyone who finds a "critical" security bug in Mozilla. What constitutes critical will be judged by the Mozilla Foundation staff. Linux software developer Linspire and Mark entrepreneur Shuttleworth have issued seed funding to support the initiative, to be supplemented by donations from Mozilla supporters. The first $5,000 in community contributions will be matched dollar-for-dollar by Shuttleworth.

Mozilla already has a good record of promptly fixing any security problems that arise. The Mozilla Security Bug Bounty Program seeks to further encourage the community's focus on security consciousness and responsiveness. The level of reward has been pitched quite low - if somebody found an exploit they'd doubtless make more money via security firm iDefense's controversial vulnerability contributor program - but that's not really the point. The Mozilla program is probably best viewed as a symbolic gesture of thanks to those who take the trouble to find and report bugs than as a way of providing a financial incentive to expand the number of people looking for problems involving Mozilla.

"This program reflects our commitment to protecting consumers from malicious actors," said Mitchell Baker, President of the Mozilla Foundation. "Recent events illustrate the need for this type of commitment. While no software is immune from security vulnerabilities, bugs in open source projects are often identified and fixed more quickly. The Security Bug Bounty Program will help us unearth security issues earlier, allowing our supporters to provide us with a head start on correcting vulnerabilities before they are exploited by malicious hackers [crackers]."

Users who identify security bugs in Mozilla software are encouraged to go to Mozilla.org/security, which links to more information about which flaws are eligible and how to claim the bounty. ®

Related stories

Mozilla takes bite out of IE
Mozilla bug rears its head
CERT recommends anything but IE
Long-awaited IE patch (finally) arrives
MS posts $250,000 MyDoom worm bounty
MS' anti-virus bounty success
Computer Security: a handbook for the ordinary user (book review)


Other stories you might like

  • Firefox kills another tracking cookie workaround
    URL query parameters won't work in version 102 of Mozilla's browser

    Firefox has been fighting the war on browser cookies for years, but its latest privacy feature goes well beyond mere cookie tracking to stop URL query parameters.

    HTML query parameters are the jumbled characters that appear after question marks in web addresses, like website.com/homepage?fs34sa3aso12knm. Sites such as Facebook and HubSpot use them to track users when links are clicked, and other websites like YouTube use them to enable certain site features too.

    On June 28, Firefox 102 released a feature that enables the browser to "mitigate query parameter tracking when navigating sites in ETP strict mode." ETP, or enhanced tracking protection, encompasses a variety of Firefox components that block social media trackers, cross-site tracking cookies, fingerprinting and cryptominers "without breaking site functionality," says Mozilla's ETP support page.

    Continue reading
  • Old school editor Vim hits version 9 with faster scripting language
    All of the famed user-friendliness and ease of use, but 'drastically' better performance

    Old school editor fans, rejoice: some two and a half years after version 8.2, Vim 9 is here with a much faster scripting language.

    Vim 9 has only a single big new feature: a new scripting language, Vim9script. The goal is to "drastically" improve the performance of Vim scripts, while also bringing the scripting language more into line with widely used languages such as JavaScript, TypeScript, and Java.

    The existing scripting language, Vimscript, remains and will still work. Only scripts beginning with the line vim9script will be handled differently. The syntax changes are relatively modest; the important differences are in things like local versus global variables and functions, and that functions defined with :def will be compiled before they are run. This allows many errors to be caught in advance, but more significantly, compiled functions execute from 10× to 1000× faster.

    Continue reading
  • Iceotope: No need to switch servers to swap air-cooled for liquid-cooled
    Standard datacenter kit just needs a few tweaks, like pulling off the fans

    Liquid cooling specialist Iceotope claims its latest system allows customers to easily convert existing air-cooled servers to use its liquid cooling with just a few minor modifications.

    Iceotope’s Ku:l Data Center chassis-level cooling technology has been developed in partnership with Intel and HPE, the company said, when it debuted the tech this week at HPE’s Discover 2022 conference in Las Vegas. The companies claim it delivers energy savings and a boost in performance.

    According to Iceotope, the sealed liquid-cooled chassis enclosure used with Ku:l Data Center allows users to convert off-the-shelf air-cooled servers to liquid-cooled systems with a few small modifications, such as removing the fans.

    Continue reading
  • Gartner predicts 9.5% drop in PC shipments
    Stark contrast to 11 percent increase year-over-year in 2021 shipments

    The party is over for PC makers as figures from Gartner suggest the market is on course for a breathtaking decline this year.

    According to the analysts, worldwide PC shipments will decline by 9.5 percent, with consumer demand leading the way – a 13.5 percent drop is forecast, far greater than business PC demand, which is expected to drop by 7.2 percent year on year.

    The PC market in the EMEA region is forecast to fare even worse, with a 14 percent decline on the cards for 2022. Gartner pointed the finger of blame at uncertainty caused by conflicts, price increases and simple unavailability of products. Lockdowns in China were also blamed for an impact in consumer demand.

    Continue reading

Biting the hand that feeds IT © 1998–2022